Search form

You are here

Home › John Lister › New Wi-Fi Crack can Intercept Your Data: What You Need to Know

New Wi-Fi Crack can Intercept Your Data: What You Need to Know

by John Lister on October, 17 2017 at 01:10PM EDT

One of the key security protections in WiFi has a serious vulnerability, a researcher has revealed.
The exploit has to do with the protocol "WPA2" - currently considered the most
secure protocol commonly used on WiFi routers and hotspots. Here's what you need
to know about the WPA2 exploit.

What's the problem and what does it affect?

Security researcher Mathy Vanhoef has published a demonstration for what he's called
"KRACKs," short for key reinstallation attacks. That's a way of exploiting a weakness in WPA2 (WiFi Protected Access II), the security system that
is most commonly used when protecting wireless Internet communications (WiFi). The problem could affect almost any device using WiFi
and the WPA2 protocol, regardless of the operating system of browsers involved. (Source: krackattacks.com)

How is WPA2 meant to work?

WPA2 involves encrypting data while it is traveling wirelessly. That means that even if somebody is able to intercept the data, it's effectively unreadable. Decrypting the data requires lengthy codes called encryption keys. WPA2 has an extra security measure that means the recipient can't just decrypt the data, but can
also check if it hasn't been intercepted on the way by an imposter.

What is the problem exploited by KRACKs?

As part of the process of ensuring the data has been passed on from the genuine sender without interception, WPA uses a process called a
"four way handshake." This refers to the fact it needs four pieces of information: the identities of the two devices sending and receiving the data, and then two codes called
"nonces" that are meant to be created and used for each specific session rather than being reused. Vanhoef found a way to reuse a nonce, which makes it theoretically possible for somebody to intercept and read the data without authorization.

What are the limitations to an attack?

An attacker would need to be in physical range of the wireless devices. That means an attack would most likely be used either for a specific attack against an individual, or on public networks such as free WiFi in a coffee shop.

The extent of the potential damage varies from device to device. The most serious is for some Android connections where the attackers might be able to change
data, rather than just read and intercept it.

An example of an attack would be a
"man in the
middle" attack, where websites are forged for the purpose of stealing
credentials and other financial information. For example: a user might use
mobile banking at a mobile hotspot, thinking he is connected to his bank, but in
fact the user is being redirected to a fake banking site where credentials and
other financial information are stolen. This would be a difficult hack to pull
off, but still possible.

It's worth nothing that some traffic sent to and from secure web pages (which begin with https://) will be immune because of an extra layer of protection, though this may rely on the
pages being correctly configured.

Is there a fix?

Yes, but it will require an update to firmware on each device, including routers. Firmware is the software that specifically controls the device itself, rather than the applications and operating system. That means manufacturers will need to send out fixes. Microsoft has already issued a fix, while Google says one will roll out "in the coming weeks".

What should You do?

The most important thing is to make sure all available security updates are installed on your devices, including your router. This means either manually checking for updates or switching on automatic updates. In some cases, you may need to contact the manufacturer (or Internet provider if they supplied your router) to check whether an update is available.

Beyond this it's a case of balancing risk vs convenience. In most cases, using secure (https://) websites should still be safe. If you really need to send particularly sensitive data and for some reason the site you are communicating with doesn't use https, you could consider temporarily using either a wired (Ethernet) connection to your router or switching to cellular data to send such data until your devices are patched. (Source: techcrunch.com)

Comments

It's important to remember that most - if not all - encryption algorithms over time get "cracked" due to vulnerabilities such as this. As the article mentioned, WPA2 is currently considered the "most secure" protocol (aside from this vulnerability); any other protocols offered (WEP, etc) have also been cracked. If you deal with highly sensitive data, please use a wired connection until you are certain the vulnerability has been patched.

If you own your own router, that means you will have to visit the router manufacturer's website and download firmware, login to the router's administration page, then flash the firmware, then make sure you're using the proper protocol. If anyone needs help with this I can assist by remote - but please make sure that the router firmware is available before contacting me for assistance.

So that's why my, rather old, route needs an update. (First one in years.) Funny part was the "installed" firmware ver and the "new" firmware update ver were the same number. I installed it anyway. Question: My router has a "guest" feature. (Turned off) but does that change anything for the people who use that feature?

As far as I know, the only difference between the primary and guest connections is that the primary connection provides access to the internet and any other devices connected to the router (network access storage drives, printers, etc.) while the guest connection gives access to the internet only, and not your local network. There should be no difference in internet security between the two.

From my reading of the problem on their site it appears that it isn't just WPA2 that is at risk and WPA is affected. I have copied this from the author's site: " For instance, the attack works against personal and enterprise Wi-Fi networks, against the older WPA and the latest WPA2 standard, and even against networks that only use AES."

A quick search in Google shows WPA was cracked in 2012, so this WPA2 crack is more likely 'backwards compatible' with the old WPA version 1. As mentioned in this article, the "strongest" encryption is currently WPA2 (aside from the current crack available) - it does not matter if you're using AES encryption or not.